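<%
' Comment test page, driven by the "pass" query-string parameter:
'   pass = ""  -> render the comment form, which posts back to this page with pass=1
'   pass = 1   -> echo the submitted comment after it has gone through testSQLinj
' testSQLinj, testcomm() and displaylimit() are defined outside this file.
' NOTE(review): QueryString values arrive as strings; confirm that "CASE 1" matches
' the posted pass=1 as intended.
Select case request.QueryString("pass")

CASE "":
	' The hidden "url" field reflects the request URL and query string, both of which
	' the client controls. Replacing only "&" left quotes and angle brackets unencoded
	' inside the attribute value; Server.HTMLEncode covers &, <, > and the double quote.
%>
<form action="default.asp?modulo=news&file=prova&pass=1" method="post" onSubmit="return testcomm()" name="com">
						
						<textarea style="width:100%; height:80px;" class="inputclass" name="commento" rows="5" cols="60"></textarea>
						<br /><script type="text/javascript">displaylimit("document.com.commento",255)</script><br />
						<input type="hidden" value="" name="idnews" />
						<input type="hidden" name="url" value="<%=Server.HTMLEncode(request.ServerVariables("URL") & "?" & request.ServerVariables("QUERY_STRING"))%>" />
						<input type="submit" value="" class="buttonclass" />
</form>
<%
CASE 1:
	' The submitted comment is untrusted and is written into the HTML response.
	' An SQL-oriented filter is not an output encoder, so the result is HTML-encoded
	' before it is written. The & "" coerces a Null result to an empty string.
	' NOTE(review): if testSQLinj already HTML-encodes its result, this double-encodes;
	' confirm against its definition.
	response.Write Server.HTMLEncode(testSQLinj(request.Form("commento")) & "")
End select
%>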